thoughts on one time pads

John Denker jsd at
Fri Jan 27 14:31:39 EST 2006

Dave Howe wrote:

> Hmm. can you selectively blank areas of CD-RW?

Sure, you can.  It isn't soooo much different from rewriting any
other type of disk.

There are various versions of getting rid of a disk file.
  1) Deletion:  Throwing away the pointer and putting the blocks back
   on the free list.  This is well known to be grossly insecure.
  2) Zeroizing the blocks in place (followed by deletion).  This
   is vastly better, but still not entirely secure, because there
   are typically stray remnants of the pattern sitting "beside"
   the nominal track, and a sufficiently-determined adversary
   may be able to recover them.
  3) Trashing the blocks, i.e. overwriting them in place with
   crypto-grade random numbers (followed by optional zeroizing,
   followed by deletion).  This makes it harder for anyone to
   recover strays.
  4) Half-track trashing.  This requires wizardly disk hardware,
   which shifts the head half a track either side of nominal,
   and *then* writes random numbers.  I might be persuaded that
   this really gets rid of strays.
  5) Grinding the disk to dust.  AFAIK this is the only NSA-approved
   method.  A suitable grinder costs about $1400.00.

   One drawback with this is that you have to destroy a whole
   disk at a time.  That's a problem, because if you have a
   whole disk full of daily keys, you want to destroy each
   day's key as soon as you are through using it.  There
   are ways around this, such as reading the disk into volatile
   RAM and then grinding the disk ... then you just have to make
   sure the RAM is neither more volatile nor less volatile than
   you wanted it to be.  That is, you use the disk for *distribution*
   but not necessarily for intermediate-term storage.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list